standard
turbot/azure_compliance

Trigger: Detect & correct Key Vaults with non-RBAC keys without expiration date

Detect Key Vaults that do not use RBAC authorization and contain enabled keys with no expiration date set, then set an expiration date on those keys.

Query

-- Vaults that still use access policies rather than Azure RBAC
with non_rbac_vault as (
  select
    name
  from
    azure_key_vault
  where
    not enable_rbac_authorization
)
-- Enabled keys in those vaults that have no expiration date
select
  concat(
    kvk.id,
    ' [',
    kvk.subscription_id,
    '/',
    kvk.resource_group,
    ']'
  ) as title,
  kvk.id as id,
  kvk.name,
  kvk.subscription_id,
  kvk.vault_name as vault_name,
  kvk._ctx ->> 'connection_name' as conn
from
  azure_key_vault_key kvk
  left join non_rbac_vault as v on v.name = kvk.vault_name
where
  enabled
  and expires_at is null
  and v.name is not null;

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/KeyVault